From 6a494184799b54e22c35880aba4231e4d92bab62 Mon Sep 17 00:00:00 2001
From: Alex
Date: Thu, 15 Aug 2024 11:08:26 +0100
Subject: chore: create .gitignore for main
---
.gitignore | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 .gitignore
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..cd44594
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,15 @@
+# Terraform
+*.tfstate
+*.tfstate.*
+*.tfvars
+*.tfvars.json
+.terraform.tfstate.lock.info
+.terraform/
+.terraform*
+
+# Output Files
+*.zip
+log*
+
+# OS-Related Files
+.DS_Store
-- cgit v1.2.3
From 6f12e84d30a798ce80c90ee29aebd7fa45501eba Mon Sep 17 00:00:00 2001
From: Alex Schofield
Date: Thu, 15 Aug 2024 11:26:56 +0100
Subject: ci(staging-checks): replace *.yml with staging-checks.yml
---
.github/workflows/staging-checks.yml | 50 ++++++++++++++++++++++++++++++++++++
1 file changed, 50 insertions(+)
create mode 100644 .github/workflows/staging-checks.yml
diff --git a/.github/workflows/staging-checks.yml b/.github/workflows/staging-checks.yml
new file mode 100644
index 0000000..cec0695
--- /dev/null
+++ b/.github/workflows/staging-checks.yml
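Review bot: The `.terraform*` pattern at the end of the Terraform block also matches `.terraform.lock.hcl`, so the provider dependency lock file can never be committed and every `terraform init` re-resolves providers without the recorded checksums. Drop `.terraform*` (`.terraform/` and `.terraform.tfstate.lock.info` are already listed) or add `!.terraform.lock.hcl` after it. `log*` is also broad enough to hide any file or directory whose name starts with `log`; `*.log` or `logs/` would be tighter if that is the intent.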
@@ -0,0 +1,50 @@
+name: staging-checks
+
+on:
+ push:
+ branches: [development]
+ pull_request:
+ branches: [development, staging]
+
+jobs:
+
+ check-if-py-files-exist:
+ runs-on: ubuntu-latest
+ outputs:
+ py_files_exist: ${{ steps.check.outputs.py_files_exist }}
+ steps:
+ - uses: actions/checkout@v2
+ - id: check_files
+ run: |
+ if [ -n "$(find . -name '*.py')" ]; then
+ echo "::set-output name=py_files_exist::true"
+ else
+ echo "::set-output name=py_files_exist::false"
+ fi
+
+ python-quality-checks:
+ needs: check-if-py-files-exist
+ if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }}
+ runs-on: ubuntu-latest
+ steps:
+ - uses : actions/checkout@v2
+ - name : Setup
+ uses : actions/setup-python@v2
+ with:
+ python-version: 3.11
+ - name : Dependencies
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8 pylint black bandit safety
+ - name : Linting
+ run: |
+ flake8 .
+ find . -name "*.py" | xargs pylint
+ - name : Formatting
+ run: |
+ black --check .
+ - name: Security
+ run: |
+ bandit -r .
+ safety check
+
\ No newline at end of file
-- cgit v1.2.3
From 5fecc3060f0565af004368cd0856df848ca0127a Mon Sep 17 00:00:00 2001
From: Alex Schofield
Date: Thu, 15 Aug 2024 12:09:27 +0100
Subject: ci(commit-qc-checks): add initial qc checks for commits using ga" it will: - lint python scripts - check python script formatting - check python script security - check formatting for tf scripts - validate tf configuration
---
.github/workflows/on-commit.yml | 60 +++++++++++++++++++++++++++++++++++++++++
1 file changed, 60 insertions(+)
create mode 100644 .github/workflows/on-commit.yml
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml
new file mode 100644
index 0000000..e429651
--- /dev/null
+++ b/.github/workflows/on-commit.yml
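Review bot: The job output reads `steps.check.outputs.py_files_exist`, but the step that sets it has `id: check_files`, so the output is always empty and the `if:` on `python-quality-checks` never evaluates to `'true'`; the lint, bandit and safety steps are skipped while the run still reports no failure. Change the expression to `${{ steps.check_files.outputs.py_files_exist }}`. The `::set-output` workflow command is deprecated; write `echo "py_files_exist=true" >> "$GITHUB_OUTPUT"` instead. The same id mismatch and `::set-output` usage appear in the `on-commit.yml` hunk of the next commit.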
@@ -0,0 +1,60 @@
+name: commit-qc-checks
+
+on:
+ push:
+ branches-ignore:
+ - 'main'
+
+jobs:
+ check-if-py-files-exist:
+ runs-on: ubuntu-latest
+ outputs:
+ py_files_exist: ${{ steps.check.outputs.py_files_exist }}
+ steps:
+ - uses: actions/checkout@v2
+ - id: check_files
+ run: |
+ if [ -n "$(find . -name '*.py')" ]; then
+ echo "::set-output name=py_files_exist::true"
+ else
+ echo "::set-output name=py_files_exist::false"
+ fi
+
+ quality-checks:
+ needs: check-if-py-files-exist
+ if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }}
+ runs-on: ubuntu-latest
+ steps:
+ - uses : actions/checkout@v2
+ - name : 'Python: Setup'
+ uses : actions/setup-python@v2
+ with:
+ python-version: 3.11
+ - name : 'Python: Install Dependencies'
+ run: |
+ python -m pip install --upgrade pip
+ pip install flake8 pylint black bandit safety
+ - name : 'Python: Linting'
+ run: |
+ flake8 .
+ find . -name "*.py" | xargs pylint
+ - name : 'Python: Formatting'
+ run: |
+ black --check .
+ - name: 'Python: Security'
+ run: |
+ bandit -r .
+ safety check
+ - name: 'Terraform: Setup'
+ uses: hashicorp/setup-terraform@v3
+ with:
+ terraform_version: latest
+ - name: 'Terraform: Formatting'
+ working-directory: ./terraform
+ run: terraform fmt -check -recursive
+ - name: 'Terraform: Initialise'
+ working-directory: ./terraform
+ run: terraform init -backend=false
+ - name: 'Terraform: Validate'
+ working-directory: ./terraform
+ run: terraform validate
-- cgit v1.2.3
From 9050c94bf9af7e90056217e9b1eb85f993ad5886 Mon Sep 17 00:00:00 2001
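Review bot: Nothing the `quality-checks` job runs is version-pinned: `terraform_version: latest`, `pip install flake8 pylint black bandit safety` with no versions, and actions referenced by the mutable tags `@v2`/`@v3`, so the checks can change behaviour between runs and execute whatever was published most recently. Pin the Terraform release (`terraform_version: "<pinned version>"`), install the Python tools from a requirements file with fixed versions, and consider referencing actions by full commit SHA. Quote `python-version: "3.11"` as well so a later change to a value such as 3.10 is not read as a float. The Terraform steps also sit inside the job gated on `py_files_exist`, so they are skipped whenever the Python check is.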
From: Alex Schofield Date: Thu, 15 Aug 2024 12:12:11 +0100 Subject: chore(ci): remove abandoned yml configs --- .github/workflows/python.yml | 50 ------------------------------------ .github/workflows/staging-checks.yml | 50 ------------------------------------ .github/workflows/terraform.yml | 37 -------------------------- 3 files changed, 137 deletions(-) delete mode 100644 .github/workflows/python.yml delete mode 100644 .github/workflows/staging-checks.yml delete mode 100644 .github/workflows/terraform.yml diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml deleted file mode 100644 index 7d5b5b1..0000000 --- a/.github/workflows/python.yml +++ /dev/null @@ -1,50 +0,0 @@ -name: python-quality-checks - -on: - push: - branches: [development] - pull_request: - branches: [development, staging] - -jobs: - - check-if-py-files-exist: - runs-on: ubuntu-latest - outputs: - py_files_exist: ${{ steps.check.outputs.py_files_exist }} - steps: - - uses: actions/checkout@v2 - - id: check_files - run: | - if [ -n "$(find . -name '*.py')" ]; then - echo "::set-output name=py_files_exist::true" - else - echo "::set-output name=py_files_exist::false" - fi - - quality-checks: - needs: check-if-py-files-exist - if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }} - runs-on: ubuntu-latest - steps: - - uses : actions/checkout@v2 - - name : Setup - uses : actions/setup-python@v2 - with: - python-version: 3.11 - - name : Dependencies - run: | - python -m pip install --upgrade pip - pip install flake8 pylint black bandit safety - - name : Linting - run: | - flake8 . - find . -name "*.py" | xargs pylint - - name : Formatting - run: | - black --check . - - name: Security - run: | - bandit -r . - safety check - \ No newline at end of file diff --git a/.github/workflows/staging-checks.yml b/.github/workflows/staging-checks.yml deleted file mode 100644 index cec0695..0000000 --- a/.github/workflows/staging-checks.yml +++ /dev/null 
@@ -1,50 +0,0 @@ -name: staging-checks - -on: - push: - branches: [development] - pull_request: - branches: [development, staging] - -jobs: - - check-if-py-files-exist: - runs-on: ubuntu-latest - outputs: - py_files_exist: ${{ steps.check.outputs.py_files_exist }} - steps: - - uses: actions/checkout@v2 - - id: check_files - run: | - if [ -n "$(find . -name '*.py')" ]; then - echo "::set-output name=py_files_exist::true" - else - echo "::set-output name=py_files_exist::false" - fi - - python-quality-checks: - needs: check-if-py-files-exist - if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }} - runs-on: ubuntu-latest - steps: - - uses : actions/checkout@v2 - - name : Setup - uses : actions/setup-python@v2 - with: - python-version: 3.11 - - name : Dependencies - run: | - python -m pip install --upgrade pip - pip install flake8 pylint black bandit safety - - name : Linting - run: | - flake8 . - find . -name "*.py" | xargs pylint - - name : Formatting - run: | - black --check . - - name: Security - run: | - bandit -r . - safety check - \ No newline at end of file diff --git a/.github/workflows/terraform.yml b/.github/workflows/terraform.yml deleted file mode 100644 index c349756..0000000 --- a/.github/workflows/terraform.yml +++ /dev/null 
@@ -1,37 +0,0 @@ -name: terraform-quality-checks - -on: - push: - branches: [development] - paths: - - 'terraform/**.tf' - - 'terraform/**.tfvars' - pull_request: - branches: [development, staging] - paths: - - 'terraform/**.tf' - - 'terraform/**.tfvars' -jobs: - terraform-validation: - runs-on: ubuntu-latest - defaults: - run: - working-directory: ./terraform - steps: - - uses: actions/checkout@v2 - - name: Setup Terraform - uses: hashicorp/setup-terraform@v1 - with: - terraform_version: latest # Using the latest version, but not sure if it's the best practice - - name: Format - run: terraform fmt -check -recursive - - name: Init - run: terraform init -backend=false - - name: Validate - run: terraform validate - - name: Setup TFLint - uses: terraform-linters/setup-tflint@v2 - with: - tflint_version: latest - - name: Run TFLint - run: tflint -f compact \ No newline at end of file -- cgit v1.2.3 From 47a7b818cdbbde6b6a5f30c533909d41d16355f0 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 14:50:41 +0100 Subject: test: trigger commit workflow --- test.py | 0 1 file changed, 0 insertions(+), 0 deletions(-) create mode 100644 test.py diff --git a/test.py b/test.py new file mode 100644 index 0000000..e69de29 -- cgit v1.2.3 From 1c80682afe1ace3ad96982233b90e255ed9b4a20 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 14:53:58 +0100 Subject: ci: remove check if py files exist since we have some python/terraform files now, we shouldn't require this now! --- .github/workflows/on-commit.yml | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index e429651..2b6061c 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml 
@@ -6,23 +6,7 @@ on: - 'main' jobs: - check-if-py-files-exist: - runs-on: ubuntu-latest - outputs: - py_files_exist: ${{ steps.check.outputs.py_files_exist }} - steps: - - uses: actions/checkout@v2 - - id: check_files - run: | - if [ -n "$(find . -name '*.py')" ]; then - echo "::set-output name=py_files_exist::true" - else - echo "::set-output name=py_files_exist::false" - fi - quality-checks: - needs: check-if-py-files-exist - if: ${{ needs.check-if-py-files-exist.outputs.py_files_exist == 'true' }} runs-on: ubuntu-latest steps: - uses : actions/checkout@v2 -- cgit v1.2.3 From 65e899353bb71be9a087c5738e6b3c2abdda87e4 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:06:13 +0100 Subject: ci: update bandit command --- .github/workflows/on-commit.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index 2b6061c..5f3aebf 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -27,7 +27,7 @@ jobs: black --check . - name: 'Python: Security' run: | - bandit -r . + bandit -lll */*.py *c/*.py safety check - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 -- cgit v1.2.3 From b3c2954488127ac165ab6ad0e4b09cf68456f3f9 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:13:14 +0100 Subject: ci: update checkout & python action versions --- .github/workflows/on-commit.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index 5f3aebf..01de8d7 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -9,9 +9,9 @@ jobs: quality-checks: runs-on: ubuntu-latest steps: - - uses : actions/checkout@v2 + - uses : actions/checkout@v4 - name : 'Python: Setup' - uses : actions/setup-python@v2 + uses : actions/setup-python@v5 with: python-version: 3.11 - name : 'Python: Install Dependencies' -- cgit v1.2.3 
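Review bot: In the 'Python: Security' step, `bandit -lll */*.py *c/*.py` replaces the recursive scan with two shell globs and raises the reporting threshold to high severity only, which narrows coverage in two ways at once. The globs match `.py` files exactly one directory deep, so files at the repository root or in nested packages are never scanned, and a glob that matches nothing is passed to bandit as a literal path. If the aim is to cut noise, keep the recursion and filter by level instead: `bandit -r . -ll` (or `-lll`), with `-x` for directories that should be excluded.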
From acf776a3732de3676e6178c27b8a46b564f36ad3 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:16:12 +0100 Subject: ci: remove security checks --- .github/workflows/on-commit.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index 01de8d7..937aeaa 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -25,10 +25,6 @@ jobs: - name : 'Python: Formatting' run: | black --check . - - name: 'Python: Security' - run: | - bandit -lll */*.py *c/*.py - safety check - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 with: -- cgit v1.2.3 From 3ee88c87fbae7e9968c4fc7f9aae5e7f28581aad Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:32:53 +0100 Subject: ci: separate python & terraform jobs --- .github/workflows/on-commit.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index 937aeaa..e4eb4f8 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -6,7 +6,7 @@ on: - 'main' jobs: - quality-checks: + python-quality-checks: runs-on: ubuntu-latest steps: - uses : actions/checkout@v4 @@ -25,6 +25,9 @@ jobs: - name : 'Python: Formatting' run: | black --check . + terraform-quality-checks: + runs-on: ubuntu-latest + steps: - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 with: @@ -37,4 +40,4 @@ jobs: run: terraform init -backend=false - name: 'Terraform: Validate' working-directory: ./terraform - run: terraform validate + run: terraform validate \ No newline at end of file -- cgit v1.2.3 From 6964625c65ae1552b8182891cf47997e480cce5e Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:34:03 +0100 Subject: fix(ci): correct terraform folder path --- .github/workflows/on-commit.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) 
diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index e4eb4f8..355729e 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -33,11 +33,11 @@ jobs: with: terraform_version: latest - name: 'Terraform: Formatting' - working-directory: ./terraform + working-directory: terraform run: terraform fmt -check -recursive - name: 'Terraform: Initialise' - working-directory: ./terraform + working-directory: terraform run: terraform init -backend=false - name: 'Terraform: Validate' - working-directory: ./terraform + working-directory: terraform run: terraform validate \ No newline at end of file -- cgit v1.2.3 From e5f2d8c98dd029bfb9926c35002abcf998510cf7 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:37:26 +0100 Subject: fix(ci): add missing checkout action --- .github/workflows/on-commit.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index 355729e..a4e66bb 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml @@ -28,6 +28,7 @@ jobs: terraform-quality-checks: runs-on: ubuntu-latest steps: + - uses : actions/checkout@v4 - name: 'Terraform: Setup' uses: hashicorp/setup-terraform@v3 with: -- cgit v1.2.3 From 47f5abae5b1b033a805b08c2a00d7df0bb0dcd97 Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 15:41:35 +0100 Subject: test(ci): add continue-on-error for debugging --- .github/workflows/on-commit.yml | 8 +++++++- 1 file changed, 7 insertions(+), 1 deletion(-) diff --git a/.github/workflows/on-commit.yml b/.github/workflows/on-commit.yml index a4e66bb..fd9ffb8 100644 --- a/.github/workflows/on-commit.yml +++ b/.github/workflows/on-commit.yml 
@@ -18,13 +18,16 @@ jobs: run: | python -m pip install --upgrade pip pip install flake8 pylint black bandit safety + continue-on-error: true - name : 'Python: Linting' run: | flake8 . find . -name "*.py" | xargs pylint + continue-on-error: true - name : 'Python: Formatting' run: | black --check . + continue-on-error: true terraform-quality-checks: runs-on: ubuntu-latest steps: @@ -36,9 +39,12 @@ jobs: - name: 'Terraform: Formatting' working-directory: terraform run: terraform fmt -check -recursive + continue-on-error: true - name: 'Terraform: Initialise' working-directory: terraform run: terraform init -backend=false + continue-on-error: true - name: 'Terraform: Validate' working-directory: terraform - run: terraform validate \ No newline at end of file + run: terraform validate + continue-on-error: true \ No newline at end of file -- cgit v1.2.3 From cc13dc8d170d8c60dbb92e4e802a854bbdf81d5b Mon Sep 17 00:00:00 2001 From: Alex Schofield Date: Thu, 15 Aug 2024 16:03:00 +0100 Subject: test(ci): add terraform deploy job --- .github/workflows/deploy.yml | 37 +++++++++++++++++++++++++++++++++++++ 1 file changed, 37 insertions(+) create mode 100644 .github/workflows/deploy.yml diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml new file mode 100644 index 0000000..6674373 --- /dev/null +++ b/.github/workflows/deploy.yml 
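Review bot: `continue-on-error: true` is added to every step in both jobs, so a flake8, black, `terraform fmt` or `terraform validate` failure no longer fails the run and the workflow cannot act as a gate. If this is only for debugging, as the subject says, keep it off any branch that gets merged, or limit it to the single step under investigation. The install step in the first hunk still pulls in `bandit` and `safety`, yet no step visible in these hunks runs them; either restore the security step or drop the packages. Both job bodies start outside the hunks.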
@@ -0,0 +1,37 @@
+name: deploy-terraform
+
+on:
+ push:
+ branches:
+ - main # Adjust the branch based on our deployment strategy
+
+jobs:
+ deploy-terraform:
+ name: Deploy Terraform
+ runs-on: ubuntu-latest
+ environment: test-env
+ steps:
+ - name: Checkout Repo
+ uses: actions/checkout@v4
+
+ - name: Install Terraform
+ uses: hashicorp/setup-terraform@v3
+
+ - name: Configure AWS Credentials
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Terraform Init
+ working-directory: terraform
+ run: terraform init
+
+ - name: Terraform Plan
+ working-directory: terraform
+ run: terraform plan
+
+ - name: Terraform Apply
+ working-directory: terraform
+ run: terraform apply --auto-approve
\ No newline at end of file
-- cgit v1.2.3
From fc8e61c0e58df57195c6a33852a0a17ba34322c6 Mon Sep 17 00:00:00 2001
From: Alex Schofield
Date: Thu, 15 Aug 2024 16:05:03 +0100
Subject: fix(ci): amend to trigger on commit to test-ci/...
---
.github/workflows/deploy.yml | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 6674373..372d0b3 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -3,7 +3,7 @@ name: deploy-terraform on: push: branches: - - main # Adjust the branch based on our deployment strategy + - test-ci/** # Adjust the branch based on our deployment strategy jobs: deploy-terraform:
-- cgit v1.2.3
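Review bot: `terraform apply --auto-approve` in the last step of the new `deploy.yml` does not apply the plan printed by the preceding `terraform plan` step; it computes a fresh plan and applies it unreviewed, so the plan step gives no assurance about what is deployed. Save the plan with `-out` and apply that file, as sketched below. The credentials step uses long-lived access keys from repository secrets; configure-aws-credentials can instead assume a role through GitHub's OIDC token, which removes the stored keys and needs `id-token: write` permission on the job. `hashicorp/setup-terraform@v3` is given no `terraform_version`, so the deploy runs with whatever release is current.

```yaml
    permissions:
      id-token: write   # allows the job to request an OIDC token
      contents: read
    steps:
      # … unchanged: Checkout Repo, Install Terraform …
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_DEPLOY_ROLE_ARN }}  # placeholder secret name
          aws-region: ${{ secrets.AWS_REGION }}
      # … unchanged: Terraform Init …
      - name: Terraform Plan
        working-directory: terraform
        run: terraform plan -input=false -out=tfplan
      - name: Terraform Apply
        working-directory: terraform
        run: terraform apply -input=false tfplan
```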
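Review bot: The trigger in the second `deploy.yml` hunk now matches every branch under `test-ci/`, so any push to such a branch runs `terraform apply --auto-approve` with the AWS credentials of `test-env`. Unless that environment has a deployment-branch rule or required reviewers configured (not visible here), anyone who can push a branch with that prefix can change the deployed infrastructure. The retained comment `# Adjust the branch based on our deployment strategy` no longer explains the pattern; if this is temporary, say so, e.g. `# temporary: CI test branches only`.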